Bugtraq mailing list archives
Re: abuse of nickserv
From: studno1 () INTELLEX COM (StudNo1)
Date: Thu, 25 Mar 1999 21:07:08 -0600
I am a DALnet Csop. Let me clarify something. No one should ever use /msg to services on dalnet. DALnet has had built into the ircd for about a year now the command /nickserv /chanserv and /memoserv to replace the need for /msg. If these are used as has been advised for along time there will be no problems at all with this. Just a FYI. -----Original Message----- From: Nelson Little <nel74 () TIG COM AU> To: BUGTRAQ () netspace org <BUGTRAQ () netspace org> Date: Thursday, March 25, 1999 7:47 PM Subject: abuse of nickserv
Hi, Many people that IRC on Dalnet have scripts which automatically identify their nicknames via "/msg nickserv identify your_password" This works fine, however,if you also IRC on Undernet you can run into a problem. Undernet has no nickserv so if someone on Undenet decides to use the nick "nickserv" they will be exposed to countless passwords from all the people that automatically identify themselves. Once the evil user has these passwords they can jump on Dalnet and steal that person's nick and change the password. With a bit of brain power, and I won't go into how, they can also abuse op in any channels that person has op access in. Dalnet has been advised and starting on April 15th, you'll need to identify to NickServ using /msg NickServ () services dal net IDENTIFY instead of just using /msg NickServ IDENTIFY. All the other IRC networks that I tested have a nickserv bot which halts the abuse mentioned above. Regards Nelson
Current thread:
- Re: abuse of nickserv StudNo1 (Mar 25)